permission

A Domain Windows Account has rights execute a Scalar Value Function that it not should. The Domain Windows Account is member of Domain Windows Group called VBAS_GVerkstad, thatâ€™s maps to SQL Server Login and the Database User in the database. Itâ€™s the same name for AD Group, Login and User. I have also check User is part of role GVerkstad, â€œPublicâ€.I understand the db user or database role can get associated permissions at the following levels, the Server Level, Database Level, Schema Level, Database Role level, Application Role level or object level.I have tried to check these different levels to find out where the exec permission comes from. I understand that I can use sys.database_permission to get a listing of the permissions. But Iâ€™m really not able to find the spot or spots that gives the permission.

You might run this query to find all the roles of which your login is a member in the current db ...
EXECUTE
AS login = 'your_login';SELECT
u.*
FROM sys.sysusers u
WHERE IS_MEMBER(u.name) = 1 AND u.name <> USER_NAME();

I have tried that and that gives me the error as sa and my own account, member of
sys_admin.Msg 15404, Level 16, State 19, Line 1
Could not obtain information about Windows NT group/user 'air5fleborr', error code 0x5.
Google it and tired to change the dbowner of the databas to valid AD user but still get the error

And if I understand this right its only gives me the Explicit permission. The fu_permission_omplanering has public excute rights. Removes the the excute to public on fu_permission_omplanering. Still the person is able to run the Scalara-value Functions. I tires this to get inherited permissions

If you want to stop someone to execute a function then why bother to check where from he is getting the permission, just use the DENY command. DENY is overweighted to all permission on all users except sysadmin.

You could also use this free tool to find out what the permissions are and where they are coming from.
I was able to get it and it helped me determine what my security model was and it helped me to see where things were coming from. It even parsed out my Active Directory Groups that were logins on my SQL Servers and showed me the users inside them.
Idera SQL secure helps to identify holes in SQL Server security and ensure compliance with increasing audit requirements. SQL secure collects and analyzes permissions data from SQL Server and Active Directory as well as the file system and registry to show who has access to what database objects and how that access is granted.http://www.idera.com/Content/Show42.aspx